Export limit exceeded: 357096 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357096 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36770 | 1 Tenda | 1 Us W3v1.0br | 2026-06-10 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-36777 | 1 Tenda | 1 W3 Wireless Router | 2026-06-10 | N/A |
| Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-45643 | 1 Microsoft | 12 365 Apps, Microsoft 365 Apps For Enterprise, Microsoft Office 365 For Mac and 9 more | 2026-06-10 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-47292 | 1 Microsoft | 1 Visual Studio Code Mssql Extension | 2026-06-10 | 7.8 High |
| Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-44822 | 1 Microsoft | 10 365 Apps, Excel 2016, Microsoft Office 365 For Mac and 7 more | 2026-06-10 | 8.2 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-45476 | 1 Microsoft | 2 Linux Kernel - Microsoft Mana Network Driver, Linux Kernel Mana Network Driver | 2026-06-10 | 8.2 High |
| Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45644 | 1 Microsoft | 2 Live Share Canvas, Microsoft Live Share Canvas Sdk | 2026-06-10 | 8 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-48565 | 1 Microsoft | 1 Windows Narrator Braille | 2026-06-10 | 7.8 High |
| Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54509 | 1 Amd | 6 Epyc 8004 Series Processors, Epyc 9004 Series Processors, Epyc 9005 Series Processors and 3 more | 2026-06-10 | N/A |
| Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity. | ||||
| CVE-2026-10045 | 1 Shenzhen Kangda Xin Intelligent Network Technology | 1 Dr300 | 2026-06-10 | 9.8 Critical |
| Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices. | ||||
| CVE-2026-8863 | 7 Baramundi Software, Blancco Uk, Finland Matriculation Board and 4 more | 12 Baramundi Management Suite, Whitecanyon Wipedrive, Abitti 1 and 9 more | 2026-06-10 | 7.8 High |
| Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders. | ||||
| CVE-2026-6445 | 1 Everpure | 1 Flasharray | 2026-06-10 | N/A |
| A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges. | ||||
| CVE-2026-6444 | 1 Everpure | 1 Flasharray | 2026-06-10 | N/A |
| A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges. | ||||
| CVE-2026-32856 | 1 Ellucian | 1 Banner Self-service | 2026-06-10 | 6.1 Medium |
| Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the dateConverter endpoint. Attackers can craft a malicious URL targeting the unauthenticated dateConverter endpoint to steal session cookies or perform other malicious actions in the context of the victim's browser session. | ||||
| CVE-2026-47106 | 1 Ellucian | 1 Banner Self-service | 2026-06-10 | 5.4 Medium |
| Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding during DOM insertion. Attackers can store malicious JavaScript in fields such as faculty displayName, emailAddress, subjectDescription, or courseTitle through the unauthenticated getFacultyMeetingTimes API endpoint, causing arbitrary script execution. | ||||
| CVE-2026-47908 | 1 Adobe | 1 Dreamweaver | 2026-06-10 | 7.8 High |
| Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-47906 | 1 Adobe | 1 Dreamweaver | 2026-06-10 | 8.6 High |
| Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||
| CVE-2026-47907 | 1 Adobe | 1 Dreamweaver | 2026-06-10 | 8.2 High |
| Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||
| CVE-2026-47910 | 1 Adobe | 1 Dreamweaver | 2026-06-10 | 6.3 Medium |
| Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||
| CVE-2026-47909 | 1 Adobe | 1 Dreamweaver | 2026-06-10 | 6.3 Medium |
| Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||